Communication between clients and servers over networks frequently involve sensitive information and/or commands. Clients may be providing credit card numbers or other personal data. Servers may be providing similar sensitive data, and may also issue commands that it would be undesirable to respond to if the entity issuing the command is not in fact the server. Information and commands are frequently carried over common networks that are freely accessible to numerous persons, some of whom may unethically, and even illegally interfere with or use communications not intended for them. For example, an attacker could bombard a client with undesired messages, “listen in” on communications not intended for the attacker, and even prompt communication from the server or the client and have the response directed to the attacker.
An example of client-server communications is voice over IP (VoIP) telephony, with exemplary VoIP phones being “stimulus” devices. No intelligence resides in the client/phone other than for responding to commands or sending status. The client sends telephony state status such as on-hook/off-hook, and keypad closures, and accepts commands from the server. All other intelligence between the client and server is contained in the server. The call server maintains the telephony state, issues all commands, and writes directly to the display of the phone. These commands and status are issued over a common Internet Protocol (IP) network. Since the IP network is open to anyone who can connect to the network, there is a serious security concern because persons could easily issued commands to i2004 phones. Malicious persons could, e.g., deny service to the phone, disrupt phone service, or even take command of the phone. A possible, serious attack could involve an attacker turning on a microphone of the i2004 phone set, directing the audio from the microphone to the attacker's location, and listening to this audio. Using the technique, the attacker could listen in to any audio in the vicinity of the phone, such as conversations in the phone user's office, unbeknownst to the phone user.